Esri

Portal For Arcgis

71 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-38038

  • EPSS 0.4%
  • Veröffentlicht 04.10.2024 18:15:07
  • Zuletzt bearbeitet 10.04.2025 20:15:19

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

6.1

CVE-2024-38037

  • EPSS 0.81%
  • Veröffentlicht 04.10.2024 18:15:07
  • Zuletzt bearbeitet 10.04.2025 19:16:00

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

4.8

CVE-2024-25701

  • EPSS 0.28%
  • Veröffentlicht 04.10.2024 18:15:06
  • Zuletzt bearbeitet 10.04.2025 20:15:18

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Emb...

4.8

CVE-2024-25694

  • EPSS 0.23%
  • Veröffentlicht 04.10.2024 18:15:06
  • Zuletzt bearbeitet 10.04.2025 20:15:18

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Layer Showcase application configuration ...

4.8

CVE-2024-25702

  • EPSS 0.23%
  • Veröffentlicht 04.10.2024 18:15:06
  • Zuletzt bearbeitet 10.04.2025 20:15:18

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when click...

4.8

CVE-2024-25707

  • EPSS 0.32%
  • Veröffentlicht 04.10.2024 18:15:06
  • Zuletzt bearbeitet 15.10.2024 14:34:43

There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScr...

5.4

CVE-2024-38036

  • EPSS 2.7%
  • Veröffentlicht 04.10.2024 18:15:06
  • Zuletzt bearbeitet 10.04.2025 19:15:59

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victi...

6.1

CVE-2024-25691

  • EPSS 0.4%
  • Veröffentlicht 04.10.2024 18:15:05
  • Zuletzt bearbeitet 10.04.2025 20:15:18

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’...

6.1

CVE-2024-25709

  • EPSS 0.08%
  • Veröffentlicht 04.04.2024 18:15:13
  • Zuletzt bearbeitet 13.02.2026 19:41:45

There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, wh...

6.1

CVE-2024-25706

  • EPSS 0.42%
  • Veröffentlicht 04.04.2024 18:15:12
  • Zuletzt bearbeitet 10.04.2025 19:15:58

There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to vis...